Cheney, Edward A SSG RES USAR USARC wrote:
Users can only be protected from themselves through adherence to
policies, procedures, and relevant training. That is a leadership
solution and not a technology solution. Protecting users from themselves
does not solve exploitable weaknesses in technology. In these cases you
have to simply fix the technology to disallow exploitation. If this
were not so, software companies would not spend millions of dollars to
continually patch their products if administrators and management could
so easily retrain their users.
But what about market forces?
One of your concerns is embedded software backend communications, i.e.
cross-domain xtalk unbeknownst to the users with embedded plugins like
- Real Player
- Windows Media Player (WMP)
All of these players (including Apple, Google, AT&T, ComCast and so
on) have a major strategy to add MORE background communications in
their designs to "network" users and also build their BI for added
value services (direct marketing, social networking).
AJAX is being relaxed for cross-domain requests, as IE already
allows with user authorization.
I know of only WMP and Flash having a domain whitelist for cross-domain
xtalk. That is one of the big features in Flash 9.
I understand what you mean. Do you realize we have a 15 year old that is
evolving? He is also the author of jQuery. It's scary to see this guy
in action exhibiting a lack of social ethical engineering understanding
at times. I tried to provide some insight about all this - beware of
what you're wanting to do.
But it's really too late.
What I have trouble seeing is how SMTP will help. But you have two parts:
- Some authorization protocol using SMTP (i think), that
is coupled with,
- Prohibition of existing Interactive methods, i.e. DOM
I don't see how the two are related or why DOM events can no longer be
You are not going to stop DOM events, or even get people to consider
not using them. So if that is a major part of SAFE, you already have a
major road block in getting people interested in SAFE. Never mind the
technical issues related to an SMTP callback system, especially one that
will be based on HTTP, with huge redundancy in HTTP requests.
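The Flash domain whitelist mentioned above is the crossdomain.xml policy file a server publishes to say which origins may read its content. As an added example (not code from either poster), the following Python checker parses such a policy and flags the settings that turn the whitelist into an open door: a wildcard `domain="*"` entry and `secure="false"`. Both sample policies are constructed for the example; the host names in them are placeholders.

```python
"""Check a Flash crossdomain.xml policy for overly broad cross-domain access.

Added example for this thread; not code from any of the posters.
The two policy documents below are constructed samples, not files
fetched from a real site.
"""
import xml.etree.ElementTree as ET

# Constructed sample: any origin may read responses, and plain-HTTP
# origins may reach HTTPS content (secure="false").
PERMISSIVE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*" secure="false"/>
</cross-domain-policy>
"""

# Constructed sample: an explicit whitelist of two hosts (placeholder names).
RESTRICTED_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="player.example.com"/>
  <allow-access-from domain="media.example.com"/>
</cross-domain-policy>
"""


def parse_allowed_domains(policy_xml):
    """Return one dict per <allow-access-from> entry: domain and secure flag.

    The 'secure' attribute defaults to true in the Flash policy format; only an
    explicit secure="false" relaxes the HTTPS requirement.
    """
    root = ET.fromstring(policy_xml)
    if root.tag != "cross-domain-policy":
        raise ValueError("not a cross-domain-policy document: <%s>" % root.tag)
    entries = []
    for el in root.findall("allow-access-from"):
        entries.append({
            "domain": el.get("domain", ""),
            "secure": el.get("secure", "true").strip().lower() != "false",
        })
    return entries


def assess_policy(policy_xml):
    """Return a list of human-readable findings; an empty list means no issue."""
    findings = []
    for entry in parse_allowed_domains(policy_xml):
        domain = entry["domain"]
        if domain == "*":
            findings.append("wildcard domain '*' grants every origin access")
        elif domain.startswith("*."):
            # Subdomain wildcard: acceptable only if every subdomain is trusted.
            findings.append("subdomain wildcard %r trusts every subdomain" % domain)
        if not entry["secure"]:
            findings.append(
                'secure="false" on %r lets plain-HTTP origins read HTTPS content'
                % domain
            )
    return findings


def classify(policy_xml):
    """'open' if any entry is a full wildcard, otherwise 'restricted'."""
    domains = [e["domain"] for e in parse_allowed_domains(policy_xml)]
    return "open" if "*" in domains else "restricted"


if __name__ == "__main__":
    for name, policy in (("permissive", PERMISSIVE_POLICY),
                         ("restricted", RESTRICTED_POLICY)):
        print(name, classify(policy))
        for finding in assess_policy(policy):
            print("  -", finding)
```

The same check applies to any policy a media plugin fetches before making a cross-domain request: the whitelist only limits background communications when it names specific hosts, so a wildcard entry should be treated as "no whitelist at all" in a review.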